Platform: azure
Component: azure-bastion
CVE-2025-49752 represents a critical elevation of privilege vulnerability impacting Azure Bastion. Successful exploitation allows an attacker to gain unauthorized access and escalate their privileges within the Azure environment. This vulnerability affects versions of Azure Bastion less than or equal to the currently known affected range. Microsoft has acknowledged the issue and is expected to release a patch.
This elevation of privilege vulnerability within Azure Bastion poses a significant risk. An attacker who successfully exploits this flaw could bypass standard authentication and authorization mechanisms, gaining control over the Bastion host and potentially the underlying virtual machines it manages. This could lead to data breaches, system compromise, and disruption of critical services. The blast radius extends to any resources accessible through the compromised Bastion host, potentially impacting sensitive data and applications. The ability to escalate privileges makes it possible to move laterally within the Azure environment, compromising other resources.
CVE-2025-49752 was publicly disclosed on 2025-11-20. The CVSS score of 10 (CRITICAL) indicates a high probability of exploitation. There is currently no public proof-of-concept available, but the criticality of the vulnerability suggests it may become a target for exploitation. Monitor CISA and Microsoft security advisories for updates and potential exploitation campaigns.
Exploit Status
EPSS: 0.08% (24th percentile)
While a patch is pending, several mitigation steps can be taken to reduce the risk. Implement strict network segmentation to limit the potential impact of a compromise. Enhance monitoring and logging to detect suspicious activity. Review and enforce the principle of least privilege for users accessing Azure Bastion. Consider using Azure Security Center to identify and remediate potential vulnerabilities. Regularly review Bastion host configurations to ensure they adhere to security best practices. After the patch is applied, confirm successful remediation by verifying that the vulnerability scan reports no longer identify the issue.
Update Azure Bastion to the latest version available from Microsoft. Refer to the Microsoft security advisory for detailed instructions on updating and available mitigations.
CVE-2025-49752 is a critical vulnerability in Azure Bastion that allows attackers to escalate privileges and gain unauthorized access. It affects versions less than or equal to the currently known affected range, potentially compromising the entire Azure environment.
If you are using Azure Bastion and your version is less than or equal to the currently known affected range, you are potentially affected. Check your Azure Bastion deployment version against the vendor advisory for confirmation.
Apply the vendor-provided patch as soon as it becomes available. Until then, implement mitigation strategies such as network segmentation and enhanced monitoring to reduce the risk.
While there is currently no public proof-of-concept, the criticality of the vulnerability suggests it may become a target for exploitation. Monitor security advisories for updates.
Refer to the official Microsoft Security Response Center (MSRC) website for the latest information and advisory regarding CVE-2025-49752.